What is WhiteBIT Australia API?

WhiteBIT Australia API is an automation tool that allows developers to create programs and applications to interact with our exchange. It can be used to perform such actions as creating and managing orders to buy and sell cryptocurrencies, getting information about the market, account balance, and much more.

How to use WhiteBIT Australia API?

Before using the API, we need to enable two-factor authentication (2FA) on the account.

After that, you need to generate API keys, which are used to authenticate the user and provide integration with the API.

Follow the simple instructions to activate the keys:

  • Go to API settings in your account and select "Edit" in the appropriate section;
  • After clicking "Generate API Key", enter your 2FA code;
  • In the window that appears, you will see a pair of API keys - make sure to save them, as you will need them for further authentication of operations in the API interface.

     

Make sure you keep your Secret Key securely stored, as it will not be recoverable once you close this page. At the same time, your Public Key is always available, and it is not a threat when shared with third parties. Unlike the Secret Key, the Public Key itself offers little opportunity for unwanted actions.

  • On the same page, you can also select the endpoints you plan to use. For API key testing purposes, selecting all available endpoints is recommended, as you will be able to edit this selection in the future.
  • Then, confirm your actions by entering the 2FA code;
  • And there you go, your API keys are ready to use!

     

After creating an API key pair, it is also possible to change IP access. Using the IP address access restriction feature, you can include your own IPv4 and IPv6 addresses in the list of trusted IP addresses.

When this function is activated, if a request for API keys is sent from another IP address, the API keys are automatically deactivated. A notification will be sent to your email address with the public key and the IP address from which the request was sent.

If this IP address belongs to you and is trusted, the API can be reactivated by adding it to the list of trusted IP addresses.

You can add up to 20 addresses to the list of trusted IP addresses.

Back to the list of available endpoints to use, it is important to note that each of the categories and subcategories presented is responsible for a different group of operations for managing your exchange account. You can create and use your keys to perform operations in one or more of the following available categories:

  • Deposit;
  • Withdrawal;
  • Transfer between balances;
  • Wallet balance and history;
  • Codes;
  • Trading Balance and History;
  • Order Management.

     

More detailed information about the functionality of our exchange's API can be found in the technical manual, which is presented in a simple and accessible format.

Extended documentation is also available in the public software repository on GitHub.

 

You can also use DEMO tokens to test the functionality of our API.

Fast API Key Creation via OAuth

Fast API Key Creation via OAuth enables the instantaneous connection of partner apps to WhiteBIT, eliminating the need for manual API key configuration.

Traditionally, integrating with partner applications required users to manually generate API keys, copy sensitive credentials, and configure permissions—a cumbersome and time-consuming process. The integration of OAuth 2.0 with WhiteBIT provides secure, token-based authorization for partner applications, allowing them to access the WhiteBIT platform on behalf of users. This implementation adheres to industry standards while offering specialized features designed specifically for cryptocurrency trading and account management.

How to Create an API Key Using OAuth

To begin, you must initiate the connection from partner platform. You will then be redirected to the WhiteBIT OAuth authorization page.

Log in to your account (if you have not already done it) and review the requested OAuth create, read, and delete API keys. Next, select the specific endpoints you intend to use for the API key, following the same permission model as manually created keys.

All selected endpoints are clearly listed in the modal window. If the list includes withdrawal permissions, you must explicitly confirm via a checkbox before proceeding.

All OAuth authorizations require action confirmation via a 2FA code.

Upon successful MFA verification, the application exchanges the authorization code for an OAuth access token and calls the API key creation endpoint. The API Secret Key is displayed only once and cannot be retrieved again.

The WhiteBIT OAuth 2.0 implementation supports a wide range of available endpoints that can be requested during client setup, including:

  • Access to account information;
  • Balance and transaction history;
  • Order management (read, create, delete);
  • Access to market data;
  • Trading history;
  • As well as more specialized access rights.

Comprehensive documentation is also available in our public software repository on GitHub.

Key Considerations:

  • One Key per Platform-User Pair: Only one active OAuth-generated API key is permitted per unique platform and user. If a key already exists, a new one cannot be created until the existing one is deleted.
  • Short-Lived OAuth Tokens: Access tokens are valid for 4 hours and are restricted solely to creating, managing, and deleting keys—they cannot be used for trading or withdrawals.
  • Automatic IP Restrictions: Keys generated via OAuth are restricted to the platform's registered IP address ranges. You cannot view or modify the allowlist for these specific keys.
  • Immutable Keys: Once created, endpoints, IP allowlists, and key names cannot be edited. Deactivation and reactivation are not supported; the key must be deleted and recreated.
  • Automatic Deletion Triggers: Keys are automatically revoked in the event of API inactivity for 14 days, platform-side access revocation, account password changes, or account freezes due to AML/compliance requirements.
  • Global API Key Limit: The global limit of 50 API keys applies to the combined total of both manually created and OAuth-generated keys.

WhiteBIT Australia Webhook

Webhook is used to receive feedback from the server about the execution of various processes on your account, such as successful withdrawal of funds or activation of a WB code.

To activate Webhook keys, you need to follow similar steps as for API keys in the Webhook settings section of your account. There are several ways of activation:

  • Adding the public key to the TXT domain record specified when creating the key;
  • Adding the file “whiteBIT-verification.txt” with the contents of your Webhook public key to the root folder of your site;
  • Creating a “check-wb-webhooks” endpoint on your server that will return the Webhook public key.

     

To start activating a Webhook key, you need to create it on the exchange. It should be noted that you can create only one Webhook key. To do this, follow the steps below:

  • Go to Webhook settings in your account and select “Edit” in the appropriate section;
  • As with creating API keys, be sure to save the Secret Key in a safe place. Once you close the page with the “Confirm” button, the Secret Key will no longer be available;
  • Done! Webhook keys will be created.

     

Note that, as with API keys, creating a Webhook key does not automatically enable it. You must move the slider to the active position to activate Webhook.

More detailed information on setting up and using Webhook can be found in the relevant section of our Webhook documentation.

Webhook Service Level Agreement (SLA)

Continuous Webhook delivery requires stable operation and correct responses from the client's servers. If difficulties arise on the client's server side (slow operation, no response, or incorrect response), the Webhook is resent. If there are a large number of resends, the system becomes overloaded, which slows down Webhook sending for all clients.  

To overcome such delays, namely by automatically checking the quality of the client's Webhook, an SLA (Service Level Agreement) was implemented. The essence of its function lies in the fact that if the SLA falls below a specified leve (90%)l, the sending of Webhooks to the client is disabled.

A Webhook is considered unprocessed in the following cases:

  • The response takes more than 3 seconds;
  • HTTP status ≠ 200.

Please note that each such Webhook will be resent up to 5 times.

The SLA is calculated using the formula: SLA = (number of successful Webhooks) / (total number of sending attempts).

For example, if 90 successful Webhooks were received out of 100 sent during the day, the SLA will be 90%. 

What are the most common questions that come up?

What happens to API and Webhook keys when two-factor authentication (2FA)  is disabled?

  • When 2FA is turned off, your API and Webhook keys will be disabled and can only be reactivated when 2FA is turned on.

     

Do API keys have an expiry date and how many can be created?

  • If an API key remains inactive for 14 days, it will be automatically deactivated for security purposes. The maximum limit of keys available is 50 keys.

     

Can I use a random domain to test the performance of Webhook keys?

  • Our system does not allow such action. To activate Webhook key, you need to confirm ownership of the domain.

Possible errors when using the API

This action is unauthorized. Enable your key in API settings.

If you encounter this error, please check whether you have enabled your API key. To activate it, move the “Endpoint access” slider next to the desired endpoint. 
If you have previously set an IP restriction, your API key may be deactivated when used from a new IP address. A corresponding email will be sent to your email address. 

Please note: if you are sure that you used the API key from your IP address, you can add it to the list of trusted IP addresses. If you do not know this IP address, you need to recreate a new API key.

 

You don't have permission to use this endpoint. Please contact support for more details.

The endpoint you used is only available to B2B customers.

 

Too many requests.

If your request body does not contain the “nonceWindow” parameter, please add it. In case the error persists after adding, you will need to create a new API key.

If the “nonceWindow” parameter is already used in your request body, you need to make sure that the values are specified in milliseconds.

 

The selected ticker is invalid.

The cryptocurrency ticker you entered is invalid. Please check that you have entered the ticker correctly.

 

Currency is not depositable/withdrawable.

Deposits/withdrawals of the cryptocurrency you specified are currently closed. News regarding the availability of cryptocurrencies deposits/withdrawals is published in our Telegram channel.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request